Remote Access on Magento
Success team avatar
Written by Success team
Updated over a week ago

In this article:

Why does LoyaltyLion need access to my Magento store's REST API?

LoyaltyLion uses your REST API to provide core program functionality, including:

  • Configuring price rules within your store

    • Most rewards are implemented as single use vouchers; we create vouchers and price rules on the fly when a customer claims a reward, and/or up-front when a reward is set up for the first time

  • Retrieving order and customer data

    • Customers and orders are "pushed" to LoyaltyLion when they are created or updated, but networks are never 100% reliable. In order to ensure that the LoyaltyLion platform stays completely in sync with your store, we periodically use the REST API to re-synchronise and pick up any changes that may have been dropped due to network conditions

  • Syncing store configuration

    • As part of the install process and in response to support queries, we identify configurations that can affect the running loyalty program, including the websites and store views configured and the modules and versions installed.

  • Debugging and diagnostics

    • Your Magento store is the source of truth for most loyalty data including customer accounts and orders. In the event of a bug or other issue, we use the REST API to manually compare our records vs the true state of the data.

Can LoyaltyLion provide a static IP address that I can whitelist?

To find more information, please find our API documentation here: https://developers.loyaltylion.com/api/

Magento's REST API comes with its own built in authentication scheme, so it's always safe to remove extra authentication layers entirely over API routes (beginning with /api/rest in Magento 1, or /rest in Magento 2)

How to disable basic auth for API routes

It's quite common to control access to your store with HTTP Basic Auth during development. If you have done this, you'll need to remove this extra authentication on your API routes.

Example .htaccess configuration:

# set an environment variable "noauth" if the request starts with "/api/rest"

# Magento 1.x
SetEnvIf Request_URI ^/api/rest noauth=1
# Magento 2
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI ^/oauth noauth=1

# the auth block
AuthName "Please login."
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /xxx/.htpasswd

# Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
Did this answer your question?